CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

EUVD-2026-39239

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tbxdppropertiesrequest derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A maliciou...

5.7AI score0.00184EPSS

Exploits0References8

Debian CVE•added yesterday•4 views

CVE-2026-53148

5.7AI score0.00184EPSS

Exploits0

CVE•added yesterday•7 views

CVE-2026-53148

In the Linux kernel Thunderbolt code, tb_xdp_properties_request derives per-packet copy length from the response header and may exceed the previously allocated data buffer, allowing memcpy to write past the kcalloc allocation. The fix clamps the per-packet copy length so that the cumulative offse...

5.7AI score0.00184EPSS

Exploits0References8

CVE•added yesterday•5 views

CVE-2026-53147

CVE-2026-53147 (Linux kernel Thunderbolt XDomain) : The issue arises in tb_xdp_handle_request() which casts a received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer can send an XDomain packet that passes the generic he...

5.9AI score0.0018EPSS

Exploits0References6

Debian CVE•added yesterday•4 views

CVE-2026-53147

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

5.8AI score0.0018EPSS

Exploits0

Debian CVE•added yesterday•4 views

CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

5.9AI score0.00176EPSS

Exploits0

AstraLinux•added last week•5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Thunderbolt: Mark the XDomain as unplugged when the router is removed. I noticed that when we perform discrete host-router NVM upgrades, and the router is hot-unplugged due to NVM firmware authentication issues, if there are othe...

5.5CVSS6.1AI score0.00236EPSS

Exploits0References2

AstraLinux•added last week•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fixed a memory leak in tbnetopen. When tbringallocrx fails in tbnetopen, the memory allocated in tbxdomainallocouthopid is not released. Add tbxdomainreleaseouthopid to the error path to release the allocated...

5.5CVSS5.8AI score0.00233EPSS

Exploits0References2

Tenable Nessus•added 2025/12/31 12:0 a.m.•3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993104)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993104 advisory. In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete...

5.5CVSS6.2AI score0.00236EPSS

Exploits0References3

Tenable Nessus•added 2025/11/12 12:0 a.m.•2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990835)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990835 advisory. In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete...

5.5CVSS6.2AI score0.00236EPSS

Exploits0References3

OSV•added 2024/11/15 12:21 p.m.•7 views

OESA-2024-2426 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcsgetfunction pinmuxgenericgetfunction can return NULL and the pointer 'function' was dereferenced without...

7.8CVSS5.4AI score0.00822EPSS

Exploits0References24

OSV•added 2024/11/15 12:21 p.m.•6 views

OESA-2024-2425 kernel security update

7.8CVSS5.5AI score0.00298EPSS

Exploits0References23

OSV•added 2024/11/15 12:21 p.m.•6 views

OESA-2024-2424 kernel security update

7.8CVSS5.5AI score0.00298EPSS

Exploits0References23

OSV•added 2024/10/21 8:15 p.m.•1 views

UBUNTU-CVE-2022-48955

In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnetopen When tbringallocrx failed in tbnetopen, ida that allocated in tbxdomainallocouthopid is not released. Add tbxdomainreleaseouthopid to the error path to release ida...

5.5CVSS5.7AI score0.00233EPSS

Exploits0References6

SUSE CVE•added 2024/09/17 2:50 a.m.•3 views

SUSE CVE-2024-46702

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another...

4.4CVSS6.4AI score0.00236EPSS

Exploits0References17